Microsoft has released a patch to fill the vulnerability BlueKeep for Windows 7 but also, is unusual, Windows XP. This flaw is taken very seriously to the point of getting out of hinges the US National Security Agency (NSA).
In mid-May, Microsoft issued a security alert for a remote code execution vulnerability with the reference CVE-2019-0708, dubbed BlueKeep. This vulnerability can affect Windows 7, Windows XP, Windows 2003, Windows Server 2008 R2, and Windows Server 2008. Microsoft released a BlueKeep patch for Windows 7 and another patch for Windows XP.
“These reproduction conditions are ideal for the propagation of a worm that looks like WannaCry,”
The publisher strongly recommends that users apply it to the designated systems. Indeed, the code designed to exploit the vulnerability could disseminate a pre-authentication, without any intervention of the user. “These reproduction conditions are ideal for the propagation of a worm that looks like WannaCry,” Microsoft warned. In 2017, WannaCry had disabled millions of computers from a single, very broad-spread attack, infecting machines with ransomware. The NSA fears that this will happen again. “This kind of vulnerability is more and more commonly exploited by attackers who use malicious code that specifically targets vulnerability,” the US security agency wrote. “The vulnerability could for example be exploited to conduct denial of service attacks.”
A code of exploit soon spread on a large scale?
The NSA estimates that in a short time, remote exploit code will be widely available for this vulnerability. The agency fears that hackers are using the vulnerability in ransomware and exploit kits containing other known exploits, thus increasing nuisance capabilities against other unpatched systems.
Although the vulnerability was discovered more than two weeks ago, Microsoft notes that cybercriminals rarely act so quickly. For example, two months elapsed between the discovery of the EternalBlue vulnerability, which had set the stage for WannaCry attacks, and the moment when hackers began exploiting it. “Even though they have about 60 days to update their systems, many customers have not yet done so,” said Microsoft. Naturally, the publisher takes the opportunity to encourage customers to migrate from their old operating systems to its latest Windows 10 system.
Windows 8/10 versions not affected
While the Redmond firm has made the unusual decision to deliver a BlueKeep patch for Windows XP, support for Windows 7 comes to an end next January. “Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it’s no coincidence that later versions of Windows are not affected,” Microsoft wrote opportunely. “Microsoft is investing heavily in enhancing the security of its products, often through major architectural improvements that previous versions of Windows can not take advantage of.”